I. Field of the Disclosure
The technology of the disclosure relates generally to file management, and more particularly to file system policy management.
II. Background
Traditional UNIX file protection provides read, write, and execute permissions for the three user classes: file owner, file group, and other. But the protection actually provided depends on the type of file system that is implemented. Some file systems, such as file allocation table (FAT) systems, do not support such permissions at all. There are a large number of cases where this policy is not really enough, and a system might need to add additional checks or automatically enforce permissions on certain files or directories. So there is a need for an additional layer that provides the same view of, or adds to, the current file system without actually modifying the file system itself.
On ANDROID-based devices, an external SD card and the emulated internal SD card are mounted using a file-system-in-user-space (FUSE) file system. This allows ANDROID-based devices to enforce special policies for these mount points. But this comes at a cost of performance because FUSE file systems require that all operations go through user space, and thus, every read and write needs to make six context switches to complete. Benchmarking studies have shown that this approach may be slower than actually reading/writing to the lower file system.
Original equipment manufacturers have developed file systems that allow the entire policy and file operations to be part of the kernel, and thus, these systems can achieve very close to native file system performance while still adding policy and other enforcements. But the simplicity of user space management is lost, and there is a large overhead of maintaining policy in the kernel because any change to policy requires kernel changes.